OpenUnison / openunison-k8s-activedirectory

Self service portal for Kubernetes. Automate provisioning and access of namespaces, authenticate users using Active Directory or LDAP.
https://www.tremolosecurity.com/kubernetes/
Apache License 2.0

ERROR JITAuthMech - Could not execute workflow 'jitdb' ... Could not reload user #13

Closed. devopstales closed this issue 4 years ago.

devopstales commented 4 years ago

I have tried to connect to OpenLDAP with OpenUnison, and when I try to log in I see a Java error in the pod logs:

[2020-04-08 15:36:56,053][XNIO-1 task-13] INFO  ProvisioningEngineImpl - target=jitdb entry=true Add user=tester workflow=jitdb approval=0 userName='tester'
[2020-04-08 15:36:56,102][XNIO-1 task-13] INFO  ProvisioningEngineImpl - target=jitdb entry=false Add user=tester workflow=jitdb approval=0 sub='tester'
[2020-04-08 15:36:56,115][XNIO-1 task-13] INFO  ProvisioningEngineImpl - target=jitdb entry=false Add user=tester workflow=jitdb approval=0 firstName='Test'
[2020-04-08 15:36:56,135][XNIO-1 task-13] INFO  ProvisioningEngineImpl - target=jitdb entry=false Add user=tester workflow=jitdb approval=0 lastName='Elek'
[2020-04-08 15:36:56,151][XNIO-1 task-13] INFO  ProvisioningEngineImpl - target=jitdb entry=false Add user=tester workflow=jitdb approval=0 mail='tester@mydomain.intra'
[2020-04-08 15:36:56,171][XNIO-1 task-13] INFO  ProvisioningEngineImpl - target=jitdb entry=false Add user=tester workflow=jitdb approval=0 group='users'
[2020-04-08 15:36:56,245][XNIO-1 task-13] INFO  AccessLog - SRCH op=6 con=5 base='o=Tremolo' filter='(uid=tester)' scope='2' attribs=''
[2020-04-08 15:36:56,246][XNIO-1 task-13] INFO  DumpTransaction - [k8s] Begin Seach - Filter=(uid=tester);Base=o=Tremolo;Scope=2;Attributes=
[2020-04-08 15:36:56,271][XNIO-1 task-13] INFO  DumpTransaction - [k8s] Seach submitted
[2020-04-08 15:36:56,271][XNIO-1 task-13] INFO  AccessLog - RESULT op=6 con=5 result=0 time=26
[2020-04-08 15:36:56,271][XNIO-1 task-13] INFO  AccessLog - SRCH-RESULT op=6 con=5 entries=0 time=26
[2020-04-08 15:36:56,272][XNIO-1 task-13] INFO  DumpTransaction - [k8s] Begin Post Search Complete - Filter=(uid=tester);Base=o=Tremolo;Scope=2;Attributes=[]
[2020-04-08 15:36:56,272][XNIO-1 task-13] INFO  DumpTransaction - [k8s] Post Search Complete Complete
[2020-04-08 15:36:56,272][XNIO-1 task-13] INFO  AccessLog - SRCH-RESULT op=6 con=5 entries=0 time=27
[2020-04-08 15:36:56,277][XNIO-1 task-13] ERROR JITAuthMech - Could not execute workflow 'jitdb' on 'cn=Test Elek,ou=activedirectory,o=Data'com.tremolosecurity.provisioning.core.ProvisioningException: Could not reload user
    at com.tremolosecurity.provisioning.core.WorkflowImpl.executeWorkflow(WorkflowImpl.java:598)
    at com.tremolosecurity.provisioning.auth.JITAuthMech.doGet(JITAuthMech.java:126)
    at com.tremolosecurity.provisioning.auth.JITAuthMech.doPost(JITAuthMech.java:75)
    at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.execAuth(AuthManagerImpl.java:412)
    at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.nextAuth(AuthManagerImpl.java:125)
    at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.nextAuth(AuthManagerImpl.java:83)
    at com.tremolosecurity.proxy.auth.FormLoginAuthMech.doPost(FormLoginAuthMech.java:217)
    at com.tremolosecurity.proxy.auth.AuthMgrSys.doAuthMgr(AuthMgrSys.java:193)
    at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:126)
    at com.tremolosecurity.proxy.auth.AzSys.doAz(AzSys.java:89)
    at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:111)
    at com.tremolosecurity.proxy.auth.AuthSys.doAuth(AuthSys.java:118)
    at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:105)
    at com.tremolosecurity.proxy.ConfigSys.doConfig(ConfigSys.java:293)
    at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:93)
    at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:290)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
    at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
    at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
    at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: com.tremolosecurity.provisioning.core.ProvisioningException: User cn=Test Elek,ou=activedirectory,o=Data does not exist
    at com.tremolosecurity.provisioning.core.WorkflowImpl.executeWorkflow(WorkflowImpl.java:594)
    ... 45 more
com.tremolosecurity.provisioning.core.ProvisioningException: User cn=Test Elek,ou=activedirectory,o=Data does not exist
    at com.tremolosecurity.provisioning.core.WorkflowImpl.executeWorkflow(WorkflowImpl.java:594)
    at com.tremolosecurity.provisioning.auth.JITAuthMech.doGet(JITAuthMech.java:126)
    at com.tremolosecurity.provisioning.auth.JITAuthMech.doPost(JITAuthMech.java:75)
    at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.execAuth(AuthManagerImpl.java:412)
    at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.nextAuth(AuthManagerImpl.java:125)
    at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.nextAuth(AuthManagerImpl.java:83)
    at com.tremolosecurity.proxy.auth.FormLoginAuthMech.doPost(FormLoginAuthMech.java:217)
    at com.tremolosecurity.proxy.auth.AuthMgrSys.doAuthMgr(AuthMgrSys.java:193)
    at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:126)
    at com.tremolosecurity.proxy.auth.AzSys.doAz(AzSys.java:89)
    at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:111)
    at com.tremolosecurity.proxy.auth.AuthSys.doAuth(AuthSys.java:118)
    at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:105)
    at com.tremolosecurity.proxy.ConfigSys.doConfig(ConfigSys.java:293)
    at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:93)
    at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:290)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
    at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
    at io.undertow.servlet.core.ServletReque

I added a modified myvd:

#Global AuthMechConfig
server.globalChain=accesslog

server.globalChain.accesslog.className=com.tremolosecurity.proxy.myvd.log.AccessLog

server.nameSpaces=rootdse,myvdroot,shadowUsers,activedirectory
server.rootdse.chain=dse
server.rootdse.nameSpace=
server.rootdse.weight=0
server.rootdse.dse.className=net.sourceforge.myvd.inserts.RootDSE
server.rootdse.dse.config.namingContexts=o=Tremolo
server.myvdroot.chain=root
server.myvdroot.nameSpace=o=Tremolo
server.myvdroot.weight=0
server.myvdroot.root.className=net.sourceforge.myvd.inserts.RootObject

server.shadowUsers.chain=debug,mapping,api
server.shadowUsers.nameSpace=ou=shadow,o=Tremolo
server.shadowUsers.weight=0
server.shadowUsers.enabled=true
server.shadowUsers.debug.className=net.sourceforge.myvd.inserts.DumpTransaction
server.shadowUsers.debug.config.logLevel=info
server.shadowUsers.debug.config.label=k8s
server.shadowUsers.mapping.className=net.sourceforge.myvd.inserts.mapping.AttributeMapper
server.shadowUsers.mapping.config.mapping=mail=email,givenname=first_name,sn=last_name
server.shadowUsers.api.className=com.tremolosecurity.myvd.K8sCrdInsert
server.shadowUsers.api.config.nameSpace=openunison
server.shadowUsers.api.config.k8sTargetName=k8s

server.activedirectory.chain=objectguid2text,dnmapper,memberof,objmap,membertrans,ldap
server.activedirectory.nameSpace=ou=activedirectory,o=Data
server.activedirectory.weight=0
server.activedirectory.enabled=true
server.activedirectory.objectguid2text.className=com.tremolosecurity.proxy.myvd.inserts.util.UUIDtoText
server.activedirectory.objectguid2text.config.attributeName=objectGUID
server.activedirectory.dnmapper.className=net.sourceforge.myvd.inserts.mapping.DNAttributeMapper
server.activedirectory.dnmapper.config.dnAttribs=member,owner,member,distinguishedName,manager
server.activedirectory.dnmapper.config.localBase=ou=activedirectory,o=Data
server.activedirectory.dnmapper.config.urlAttribs=
server.activedirectory.dnmapper.config.remoteBase=#[AD_BASE_DN]
server.activedirectory.memberof.className=net.sourceforge.myvd.inserts.mapping.VirtualMemberOf
server.activedirectory.memberof.config.searchBase=ou=activedirectory,o=Data
server.activedirectory.memberof.config.applyToObjectClass=inetOrgPerson
server.activedirectory.memberof.config.attributeName=memberOf
server.activedirectory.memberof.config.searchObjectClass=groupOfNames
server.activedirectory.memberof.config.searchAttribute=member
server.activedirectory.memberof.config.replace=false
server.activedirectory.objmap.className=net.sourceforge.myvd.inserts.mapping.AttributeValueMapper
server.activedirectory.objmap.config.mapping=objectClass.inetOrgPerson=inetOrgPerson,objectClass.groupofnames=groupOfNames
server.activedirectory.membertrans.className=net.sourceforge.myvd.inserts.mapping.AttributeMapper
server.activedirectory.membertrans.config.mapping=member=member,uid=uid
server.activedirectory.ldap.className=com.tremolosecurity.proxy.myvd.inserts.ad.ADLdapInsert
server.activedirectory.ldap.config.host=#[AD_HOST]
server.activedirectory.ldap.config.port=#[AD_PORT]
server.activedirectory.ldap.config.remoteBase=#[AD_BASE_DN]
server.activedirectory.ldap.config.proxyDN=#[AD_BIND_DN]
server.activedirectory.ldap.config.proxyPass=#[AD_BIND_PASSWORD]
server.activedirectory.ldap.config.useSrvDNS=#[SRV_DNS]
server.activedirectory.ldap.config.ignoreRefs=true
server.activedirectory.ldap.config.passBindOnly=true
server.activedirectory.ldap.config.maxIdle=90000
server.activedirectory.ldap.config.maxMillis=90000
server.activedirectory.ldap.config.maxStaleTimeMillis=90000
server.activedirectory.ldap.config.minimumConnections=10
server.activedirectory.ldap.config.maximumConnections=10
server.activedirectory.ldap.config.usePaging=false
server.activedirectory.ldap.config.pageSize=0
server.activedirectory.ldap.config.heartbeatIntervalMillis=60000
server.activedirectory.ldap.config.type=#[AD_CON_TYPE]
server.activedirectory.ldap.config.sslSocketFactory=com.tremolosecurity.proxy.ssl.TremoloSSLSocketFactory

There is no user CRD in the openunison namespace.

mlbiam commented 4 years ago

I see the issue. Your shadowUsers block is built off the login portal, so it's trying to talk to k8s, not the db. That's because when we created these instructions we didn't adjust accordingly. Try:

#Global AuthMechConfig
server.globalChain=accesslog

server.globalChain.accesslog.className=com.tremolosecurity.proxy.myvd.log.AccessLog

server.nameSpaces=rootdse,myvdroot,shadow,shadowUsers,shadowGroups,activedirectory
server.rootdse.chain=createTables,dse
server.rootdse.nameSpace=
server.rootdse.weight=0
server.rootdse.createTables.className=com.tremolosecurity.unison.k8s.dataobjects.CreateLocalUsers
server.rootdse.createTables.config.driver=#[OU_JDBC_DRIVER]
server.rootdse.createTables.config.url=#[OU_JDBC_URL]
server.rootdse.createTables.config.user=#[OU_JDBC_USER]
server.rootdse.createTables.config.password=#[OU_JDBC_PASSWORD]
server.rootdse.createTables.config.dialect=#[OU_HIBERNATE_DIALECT]
server.rootdse.dse.className=net.sourceforge.myvd.inserts.RootDSE
server.rootdse.dse.config.namingContexts=o=Tremolo
server.myvdroot.chain=root
server.myvdroot.nameSpace=o=Tremolo
server.myvdroot.weight=0
server.myvdroot.root.className=net.sourceforge.myvd.inserts.RootObject

server.shadow.chain=entry
server.shadow.nameSpace=ou=shadow,o=Tremolo
server.shadow.weight=0
server.shadow.entry.className=net.sourceforge.myvd.inserts.RootObject

server.shadowUsers.chain=loadGroups,tremolo
server.shadowUsers.nameSpace=ou=users,ou=shadow,o=Tremolo
server.shadowUsers.weight=0
server.shadowUsers.enabled=true
server.shadowUsers.logit.className=net.sourceforge.myvd.inserts.DumpTransaction
server.shadowUsers.logit.config.logLevel=info
server.shadowUsers.logit.config.label=fromdb
server.shadowUsers.loadGroups.className=com.tremolosecurity.proxy.myvd.inserts.AddGroupsFromProvisioningTarget
server.shadowUsers.loadGroups.config.attributeName=groups
server.shadowUsers.loadGroups.config.targetName=jitdb
server.shadowUsers.loadGroups.config.uidAttribute=uid
server.shadowUsers.loadGroups.config.label=
server.shadowUsers.tremolo.className=net.sourceforge.myvd.inserts.jdbc.JdbcInsert
server.shadowUsers.tremolo.config.driver=#[OU_JDBC_DRIVER]
server.shadowUsers.tremolo.config.url=#[OU_JDBC_URL]
server.shadowUsers.tremolo.config.user=#[OU_JDBC_USER]
server.shadowUsers.tremolo.config.password=#[OU_JDBC_PASSWORD]
server.shadowUsers.tremolo.config.maxCons=10
server.shadowUsers.tremolo.config.maxConsIdle=10
server.shadowUsers.tremolo.config.validationQuery=#[OU_JDBC_VALIDATION]
server.shadowUsers.tremolo.config.rdn=uid
server.shadowUsers.tremolo.config.useSimple=true
server.shadowUsers.tremolo.config.addBaseToFilter=false
server.shadowUsers.tremolo.config.objectClass=inetOrgPerson
server.shadowUsers.tremolo.config.mapping=mail=mail,uid=sub,givenname=firstName,sn=lastName
server.shadowUsers.tremolo.config.sql=SELECT mail,sub,firstName,lastName FROM localUsers

server.shadowGroups.chain=dbgroups,tremolo
server.shadowGroups.nameSpace=ou=groups,ou=shadow,o=Tremolo
server.shadowGroups.weight=0
server.shadowGroups.enabled=true
server.shadowGroups.dbgroups.className=net.sourceforge.myvd.inserts.jdbc.DBGroups
server.shadowGroups.dbgroups.config.memberAttribute=uniqueMember
server.shadowGroups.dbgroups.config.suffix=ou=users,ou=shadow,o=Tremolo
server.shadowGroups.dbgroups.config.rdn=uid
server.shadowGroups.tremolo.className=net.sourceforge.myvd.inserts.jdbc.JdbcInsert
server.shadowGroups.tremolo.config.driver=#[OU_JDBC_DRIVER]
server.shadowGroups.tremolo.config.url=#[OU_JDBC_URL]
server.shadowGroups.tremolo.config.user=#[OU_JDBC_USER]
server.shadowGroups.tremolo.config.password=#[OU_JDBC_PASSWORD]
server.shadowGroups.tremolo.config.maxCons=10
server.shadowGroups.tremolo.config.maxConsIdle=10
server.shadowGroups.tremolo.config.validationQuery=#[OU_JDBC_VALIDATION]
server.shadowGroups.tremolo.config.rdn=cn
server.shadowGroups.tremolo.config.useSimple=true
server.shadowGroups.tremolo.config.addBaseToFilter=false
server.shadowGroups.tremolo.config.objectClass=groupOfUniqueNames
server.shadowGroups.tremolo.config.mapping=cn=name,uniqueMember=sub
server.shadowGroups.tremolo.config.sql=SELECT name,sub FROM localGroups LEFT OUTER JOIN userGroups ON localGroups.groupId=userGroups.groupId LEFT OUTER JOIN localUsers ON userGroups.userId=localUsers.userId

server.activedirectory.chain=objectguid2text,dnmapper,memberof,objmap,membertrans,ldap
server.activedirectory.nameSpace=ou=activedirectory,o=Data
server.activedirectory.weight=0
server.activedirectory.enabled=true
server.activedirectory.objectguid2text.className=com.tremolosecurity.proxy.myvd.inserts.util.UUIDtoText
server.activedirectory.objectguid2text.config.attributeName=objectGUID
server.activedirectory.dnmapper.className=net.sourceforge.myvd.inserts.mapping.DNAttributeMapper
server.activedirectory.dnmapper.config.dnAttribs=member,owner,member,distinguishedName,manager
server.activedirectory.dnmapper.config.localBase=ou=activedirectory,o=Data
server.activedirectory.dnmapper.config.urlAttribs=
server.activedirectory.dnmapper.config.remoteBase=#[AD_BASE_DN]
server.activedirectory.memberof.className=net.sourceforge.myvd.inserts.mapping.VirtualMemberOf
server.activedirectory.memberof.config.searchBase=ou=activedirectory,o=Data
server.activedirectory.memberof.config.applyToObjectClass=inetOrgPerson
server.activedirectory.memberof.config.attributeName=memberOf
server.activedirectory.memberof.config.searchObjectClass=groupOfNames
server.activedirectory.memberof.config.searchAttribute=member
server.activedirectory.memberof.config.replace=false
server.activedirectory.objmap.className=net.sourceforge.myvd.inserts.mapping.AttributeValueMapper
server.activedirectory.objmap.config.mapping=objectClass.inetOrgPerson=inetOrgPerson,objectClass.groupofnames=groupOfNames
server.activedirectory.membertrans.className=net.sourceforge.myvd.inserts.mapping.AttributeMapper
server.activedirectory.membertrans.config.mapping=member=member,uid=uid
server.activedirectory.ldap.className=com.tremolosecurity.proxy.myvd.inserts.ad.ADLdapInsert
server.activedirectory.ldap.config.host=#[AD_HOST]
server.activedirectory.ldap.config.port=#[AD_PORT]
server.activedirectory.ldap.config.remoteBase=#[AD_BASE_DN]
server.activedirectory.ldap.config.proxyDN=#[AD_BIND_DN]
server.activedirectory.ldap.config.proxyPass=#[AD_BIND_PASSWORD]
server.activedirectory.ldap.config.useSrvDNS=#[SRV_DNS]
server.activedirectory.ldap.config.ignoreRefs=true
server.activedirectory.ldap.config.passBindOnly=true
server.activedirectory.ldap.config.maxIdle=90000
server.activedirectory.ldap.config.maxMillis=90000
server.activedirectory.ldap.config.maxStaleTimeMillis=90000
server.activedirectory.ldap.config.minimumConnections=10
server.activedirectory.ldap.config.maximumConnections=10
server.activedirectory.ldap.config.usePaging=false
server.activedirectory.ldap.config.pageSize=0
server.activedirectory.ldap.config.heartbeatIntervalMillis=60000
server.activedirectory.ldap.config.type=#[AD_CON_TYPE]
server.activedirectory.ldap.config.sslSocketFactory=com.tremolosecurity.proxy.ssl.TremoloSSLSocketFactory

(I just replaced everything north of activedirectory, leaving your activedirectory block intact.)
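The fix above comes down to which insert sits at the end of the `shadowUsers` chain: `K8sCrdInsert` (reads user CRDs in the `openunison` namespace) versus `JdbcInsert` (reads the `localUsers` table the `jitdb` workflow writes to). A small lint that parses the myvd.props format and reports each namespace's backend makes that mismatch visible before the first login fails. This is an added example, not code from OpenUnison or MyVD; it assumes the file is ordinary Java-style properties (`#` comments, first `=` separates key from value), and the two sample configs are constructed, abbreviated versions of the before/after blocks in this thread.

```python
"""Lint a MyVD properties file: resolve each namespace's insert chain and
report the backend insert (the last one in the chain).

Added example for this thread, not part of OpenUnison/MyVD. Assumes
Java-style properties syntax; sample inputs are constructed from the thread.
"""


def parse_props(text):
    """Parse '#'/'!' comments and key=value lines (first '=' splits)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def namespaces(props):
    """Return {ns: {'base': str, 'chain': [insert names], 'inserts': {name: className}}}."""
    result = {}
    for ns in props.get("server.nameSpaces", "").split(","):
        ns = ns.strip()
        if not ns:
            continue
        prefix = "server.%s." % ns
        chain = [c.strip() for c in props.get(prefix + "chain", "").split(",") if c.strip()]
        inserts = {}
        for key, value in props.items():
            if key.startswith(prefix) and key.endswith(".className"):
                name = key[len(prefix):-len(".className")]
                if "." not in name:  # ignore nested config keys
                    inserts[name] = value
        result[ns] = {"base": props.get(prefix + "nameSpace", ""), "chain": chain, "inserts": inserts}
    return result


def lint(props):
    """Structural problems: chain entries without a className, and inserts that
    are configured but never chained (dead config, like 'logit' below)."""
    findings = []
    for ns, info in namespaces(props).items():
        if not info["chain"]:
            findings.append("%s: no chain defined" % ns)
        for insert in info["chain"]:
            if insert not in info["inserts"]:
                findings.append("%s: chain references '%s' but server.%s.%s.className is missing"
                                % (ns, insert, ns, insert))
        for insert in info["inserts"]:
            if insert not in info["chain"]:
                findings.append("%s: insert '%s' is configured but not in the chain" % (ns, insert))
    return findings


def backend(props, ns):
    """Class of the last insert in the chain, i.e. where the namespace's data lives."""
    info = namespaces(props).get(ns)
    if not info or not info["chain"]:
        return None
    return info["inserts"].get(info["chain"][-1])


# Constructed, abbreviated form of the config that produced the error in the thread.
BEFORE = """
server.nameSpaces=rootdse,myvdroot,shadowUsers,activedirectory
server.rootdse.chain=dse
server.rootdse.nameSpace=
server.rootdse.dse.className=net.sourceforge.myvd.inserts.RootDSE
server.myvdroot.chain=root
server.myvdroot.nameSpace=o=Tremolo
server.myvdroot.root.className=net.sourceforge.myvd.inserts.RootObject
server.shadowUsers.chain=debug,mapping,api
server.shadowUsers.nameSpace=ou=shadow,o=Tremolo
server.shadowUsers.debug.className=net.sourceforge.myvd.inserts.DumpTransaction
server.shadowUsers.mapping.className=net.sourceforge.myvd.inserts.mapping.AttributeMapper
server.shadowUsers.api.className=com.tremolosecurity.myvd.K8sCrdInsert
server.activedirectory.chain=ldap
server.activedirectory.nameSpace=ou=activedirectory,o=Data
server.activedirectory.ldap.className=com.tremolosecurity.proxy.myvd.inserts.ad.ADLdapInsert
"""

# Constructed, abbreviated form of the corrected shadowUsers block.
AFTER = """
server.nameSpaces=shadowUsers
server.shadowUsers.chain=loadGroups,tremolo
server.shadowUsers.nameSpace=ou=users,ou=shadow,o=Tremolo
server.shadowUsers.logit.className=net.sourceforge.myvd.inserts.DumpTransaction
server.shadowUsers.loadGroups.className=com.tremolosecurity.proxy.myvd.inserts.AddGroupsFromProvisioningTarget
server.shadowUsers.tremolo.className=net.sourceforge.myvd.inserts.jdbc.JdbcInsert
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        props = parse_props(text)
        print(label, "shadowUsers backend:", backend(props, "shadowUsers"))
        for finding in lint(props):
            print("  ", finding)
```

Note that the "before" config passes the structural lint cleanly; the only thing wrong with it is that its backend is the CRD insert while the JIT workflow writes to the database, which is why the reload search for `(uid=tester)` under `o=Tremolo` returned zero entries. The "after" config does carry one dead entry, the `logit` insert that is configured but not in the chain; it is harmless, but the lint flags it so a reviewer can decide whether it was meant to be chained.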

devopstales commented 4 years ago

THX, it is working now.